JWT Assertions have requirements that are not met by the Signed Request object. https://tools.ietf.org/html/rfc7523#section-3 e.g. "The JWT MUST contain an "exp" (expiration time) claim"
Can we use the signed request object for Client Authentication in CIBA without meeting these requirements? https://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?Submit=Submit&format=ascii&mode=html&type=ascii&url=https://bitbucket.org/openid/mobile/raw/tip/draft-mobile-client-initiated-backchannel-authentication.xml?at=default#auth_request